Publications

Q: What do you see as the biggest security and privacy challenges, particularly related to healthcare, by the year 2020?

“My greatest security/privacy concern by 2020 is the protection of Electronic Medical Records (EMR). EMR software is often misconfigured, data at rest is rarely encrypted, and internal infrastructure resides without SIEM. The targeted clinical data of thousands of individual patient records resides in one database relying on one-factor authentication.

What is at risk? Patient health records which contain increasingly sensitive data. For example, Epic Systems president Carl Dvorak spoke at the annual Epic Systems Users Group Meeting “Down on the Farm” on September 17th, 2014. In his presentation he touted new features coming online, including “Eagle”, that incorporate a patient’s own genetic makeup. Breaches in EMR databases could allow criminals the ability to access and leak patients’ data including these irreversible DNA results exposing traits such as alcoholism, criminality, and depression.

I strongly believe the future shines brightly on DNA-derived medicine and medical advice which will greatly alter the healthcare industry. I myself have been sequenced by 23andme.com (now blocked by the FDA) with tremendously insightful health results and interesting ancestry data. This is not meant to be a witch hunt on DNA sequencing, but a warning to organizations entrusted to keep patient information safe. From a security perspective, finding a balance of EMR usability, research, and security will be the next health industry challenge.”